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is claimed is: 

A method of evaluating fraud risk of an electronic commerce transaction, the method 
comprising the computer-implemented steps of: 

receiving transaction information that defines the electronic commerce transaction; 



determining a first fraud risk score value associated with the electronic transaction 
based on applying a plurality of tests to the transaction information, wherein 
each of the plurality of tests determines whether the transaction information 
appears to represent a genuine transaction based on specified criteria; 

determining a second fraud risk score value associated with the electronic transaction 
based on a comparison of the transaction information to historical transaction 
information; 

combining the first fraud risk score value and the second fraud risk score value using 
a statistical model to result in creating a model score value; 

blending the model score value with one or more merchant-specific threshold values 
to result in creating and storing a final fraud risk score value for the 
transaction. 

A method as recited in Claim 1, wherein receiving transaction information comprises 
the steps of receiving transaction information that defines the electronic commerce 
transaction for a particular Internet identity, and wherein determining a second fraud 
risk score value comprises the steps of determining a second fraud risk score value 
associated with the electronic transaction based on a comparison of the transaction 
information to historical transaction information for other transactions pertaining to 
the same Internet identity. 

A method as recited in Claim 2, wherein an Internet identity comprises a first hash 
value of an email address of a prospective purchaser carried in combination with a 
second hash value of a card bank identification number of the prospective purchaser. 
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1 4. A method as recited in Claim 2, wherein an Internet identity comprises a first hash 

2 value of an email address of a prospective purchaser carried in combination with a 

3 second hash value of a card bank identification number of the prospective purchaser 

4 and with a third hash value based on a shipping address of the prospective purchaser. 

5 5. A method as recited in Claim 2, wherein an Internet identity comprises a first hash 

6 value of an prospective purchaser's host IP address, in combination with a second 

7 hash value of an email address of a prospective purchaser carried, in combination with 

8 a third hash value of a card bank identification number of the prospective purchaser 

9 and a fourth hash value based on a shipping address of the prospective purchaser. 

10 6. A method as recited in Claim 2, wherein an Internet identity comprises a first hash 

1 1 value of a prospective purchaser's hardware device ID value, in combination with a 

12 second hash value of either the email address or user ID of the prospective purchaser, 

1 3 in combination with a third hash value of a card bank identification number of the 

14 prospective purchaser and with a fourth hash value based on a shipping address of the 

1 5 prospective purchaser. 

1 7. A method as recited in Claim 1 , wherein the step of determining the second fraud risk 

2 score value comprises the steps of: 

3 retrieving one or more records of historic transaction information pertaining to past 

4 transactions associated with the transaction information; 

5 when one of the records of historic transaction information is found to contain a fraud 

6 list tag, discontinuing further retrieval of such records; 

7 determining a second fraud risk score value associated with the electronic transaction 

8 based on only the retrieved records of historical transaction information in 

9 comparison to the transaction information. 
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A method as recited in Claim 1, wherein the step of determining the second fraud risk 
score value comprises the steps of: 

retrieving one or more records of historic transaction information pertaining to past 

transactions associated with the transaction information; 
when a specified large plurality of the records of historic transaction information is 

retrieved and further records of historic transaction information remain to be 

retrieved, discontinuing further retrieval of such records; 
determining a second fraud risk score value associated with the electronic transaction 

based on only the retrieved records of historical transaction information in 

comparison to the transaction information. 

The method as recited in Claim 1, wherein the step of blending the model score value 
comprises the steps of blending the model score value with one or more merchant- 
specific threshold values to result in creating and storing a final fraud risk score value 
for the transaction and one or more return code values that signal specified risk issues 
that have been detected with respect to the transaction. 

The method as recited in Claim 1, wherein determining the first fraud risk score value 
comprises the steps of determining a first fraud risk score value associated with the 
electronic transaction based on applying a plurality of tests to the transaction 
information, wherein one of the plurality of tests determines whether an Internet 
identity in the transaction information is found in a list of parties to known past 
fraudulent transactions. 

The method as recited in Claim 1, wherein determining the first fraud risk score value 
comprises the steps of determining a first fraud risk score value associated with the 
electronic transaction based on applying a plurality of tests to the transaction 
information, wherein one of the plurality of tests determines whether an Internet 
identity in the transaction information is found in a list of trusted parties. 
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12. A method as recited in Claim 1 , wherein determining the first fraud risk score value 
comprises the steps of determining a first fraud risk score value associated with the 
electronic transaction based on applying a plurality of tests to the transaction 
information, wherein one of the plurality of tests automatically determines whether a 
text value in the transaction information is unintelligible or meaningless, by the steps 
of: 

receiving the text value; 

for each bi-gram in the text value, retrieving from a table of bi-gram probability 

values a probability value that represents a probability that the bi-gram is 

found in a genuine text value; 
generating a penalty value when the retrieved probability values indicate that the text 

value comprises a combination of bi-grams that are not likely to represent a 

genuine text value. 

13. A method as recited in Claim 1 , wherein determining the first fraud risk score value 
comprises the steps of determining a first fraud risk score value associated with the 
electronic transaction based on applying a plurality of tests to the transaction 
information, wherein one of the plurality of tests automatically determines whether a 
name value in the transaction information is unintelligible or meaningless, by the 
steps of: 

receiving the name value; 

for each bi-gram in the text value, retrieving from a table of bi-gram probability 
values a probability value that represents a probability that the bi-gram is 
found in a genuine name value, wherein the table of bi-gram probability 
values is created based on an actual frequency of occurrences of bi-grams in a 
large sample of genuine names; 

generating a penalty value when the retrieved probability values indicate that the text 
value comprises a combination of bi-grams that are not likely to represent a 
genuine name value. 
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1 14. A method as recited in Claim 1 , wherein determining the first fraud risk score value 

2 comprises the steps of determining a first fraud risk score value associated with the 

3 electronic transaction based on applying a plurality of tests to the transaction 

4 information, wherein one of the plurality of tests automatically determines whether a 

5 city value in the transaction information is within an area code value of the transaction 

6 information, by the steps of: 

7 receiving the city value and the area code value as part of transaction information; 

8 determining a latitude value and a longitude value that represent a true position of a 

9 city identified in the city value; 

? 2 io determining a range of latitude values and a range of longitude values associated with 

SI 11 an area code identified in the area code value; 

]J 1 2 based on the latitude values and longitude values, determining whether the city 

H 13 identified in the city value is genuinely within the area code identified in the 

£ 14 area code value; 

f 1 5 applying a penalty to the transaction when the city identified in the city value is not 

l-L 16 within the area code identified in the area code value. 

O 1 15. A method as recited in Claim 1 , wherein determining the first fraud risk score value 

2 comprises the steps of determining a first fraud risk score value associated with the 

3 electronic transaction based on applying a plurality of tests to the transaction 

4 information, wherein one of the plurality of tests automatically determines whether a 

5 city value in the transaction information is within an email domain of the transaction 

6 information, by the steps of: 

7 receiving the city value and an email address value as part of transaction information; 

8 determining a latitude value and a longitude value that represent a true position of a 

9 city identified in the city value; 

1 0 determining a range of latitude values and a range of longitude values associated with 

1 1 an email domain portion of the email address value; 

-53- 

53588-0027 



# 



12 based on the latitude values and longitude values, determining whether the city 

1 3 identified in the city value is genuinely within the email domain indicated in 

14 the email address value; 

15 applying a penalty to the transaction when the city identified in the city value is not 

16 within the area code identified in the area code value. 

1 16. A method as recited in Claim 13, further comprising the steps of creating and storing 

2 an email domain location table comprising a plurality of records that associate email 

3 domain values with city values associated with shipping addresses of past non- 

4 fraudulent transactions. 



The method as recited in Claim 14, wherein determining whether the city identified in 
the city value is genuinely within the email domain comprises the steps of 
determining whether the city value is for a city that is outside the email domain as 
indicated by the records in the email domain location table. 

1 18. A method as recited in Claim 1 , wherein determining the first fraud risk score value 

2 comprises the steps of determining a first fraud risk score value associated with the 

3 electronic transaction based on applying a plurality of tests to the transaction 

4 information, wherein one of the plurality of tests automatically determines whether a 

5 country value in the transaction information is proximate to a bank referenced in a 

6 bank identification number of a credit card number in the transaction information, by 

7 the steps of: 

8 receiving the country value and a bank identification number of a credit card number 

9 as part of transaction information; 

1 0 determining a relative distance between a country identified in the country value and a 

1 1 bank associated with the bank identification number; 

12 based on the relative distance between the country and the bank, determining whether 

1 3 the country is too far from the bank; 

14 applying a penalty to the transaction when the country is too far from the bank. 
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A method as recited in Claim 18, further comprising the steps of creating and storing 
a bank location table comprising a plurality of records, wherein each record associates 
a bank identification number with a country value representing a country in which a 
headquarters of the bank is located. 

A method as recited in Claim 19, further comprising the steps of creating and storing 
a bank location table comprising a plurality of records that associate bank 
identification numbers with country values associated with shipping addresses of past 
non-fraudulent transactions. 

The method as recited in Claim 20, wherein determining whether the country 
identified in the country value is too far from the bank comprises the steps of 
determining whether the country value is for a country that is too far from the bank as 
indicated by the records in the bank domain location table. 

A method of determining evaluating fraud risk of an electronic commerce transaction, 

the method comprising the computer-implemented steps of: 

receiving transaction information that defines the electronic commerce transaction; 

determining a first fraud risk score value associated with the electronic transaction 
based on applying a plurality of tests to the transaction information, wherein 
one of the plurality of tests automatically determines whether a name value in 
the transaction information is unintelligible or meaningless, by: 
receiving the name value; 

for each bi-gram in the text value, retrieving from a table of bi-gram 



probability values a probability value that represents a probability that 
the bi-gram is found in a genuine name value, wherein the table of bi- 
gram probability values is created based on an actual frequency of 
occurrences of bi-grams in a large sample of genuine names; 
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14 generating a penalty value when the retrieved probability values indicate that 

15 the text value comprises a combination of bi-grams that are not likely 

16 to represent a genuine name value. 

1 23. A method of determining for an electronic commerce transaction whether a text value 

2 is gibberish, comprising the steps of: 

3 receiving the text value as part of transaction information of the electronic commerce 

4 transaction; 

5 identifying a succession of letter pairs in the received text value; 

6 for each identified letter pair, retrieving from a table of probability values a 

7 probability value that represents a probability that the identified letter pair is 

8 found in a genuine text value in a position equivalent to a position of each 

9 identified letter pair within the received text value; 

10 generating a fraud risk penalty value for the electronic commerce transaction when 

1 1 the retrieved probability values indicate that the received text value is not 

1 2 likely to represent a genuine text value. 

1 24. A computer-readable medium carrying one or more sequences of instructions for 

2 evaluating fraud risk of an electronic commerce transaction, which instructions, when 

3 executed by one or more processors, cause the one or more processors to carry out the 

4 steps of: 

5 receiving transaction information that defines the electronic commerce transaction; 

6 determining a first fraud risk score value associated with the electronic transaction 

7 based on applying a plurality of tests to the transaction information, wherein 

8 each of the plurality of tests determines whether the transaction information 

9 appears to represent a genuine transaction based on specified criteria; 

10 determining a second fraud risk score value associated with the electronic transaction 

1 1 based on a comparison of the transaction information to historical transaction 

12 information; 

1 3 combining the first fraud risk score value and the second fraud risk score value using 

14 a statistical model to result in creating a model score value; 
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1 5 blending the model score value with one or more merchant-specific threshold values 

1 6 to result in creating and storing a final fraud risk score value for the 

17 transaction. 



1 25. An apparatus for evaluating fraud risk of an electronic commerce transaction, 

2 comprising: 

3 means for receiving transaction information that defines the electronic commerce 

4 transaction; 

5 means for determining a first fraud risk score value associated with the electronic 

6 transaction based on applying a plurality of tests to the transaction 

7 information, wherein each of the plurality of tests determines whether the 

8 transaction information appears to represent a genuine transaction based on 

9 specified criteria; 

10 means for determining a second fraud risk score value associated with the electronic 

1 1 transaction based on a comparison of the transaction information to historical 

12 transaction information; 

13 means for combining the first fraud risk score value and the second fraud risk score 

14 value using a statistical model to result in creating a model score value; 

1 5 means for blending the model score value with one or more merchant-specific 

16 threshold values to result in creating and storing a final fraud risk score value 

1 7 for the transaction. 

1 26. An apparatus for evaluating fraud risk of an electronic commerce transaction, 

2 comprising: 

3 a processor; 

4 one or more stored sequences of instructions which, when executed by the processor, 

5 cause the processor to carry out the steps of: 

6 receiving transaction information that defines the electronic commerce 

7 transaction; 
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8 determining a first fraud risk score value associated with the electronic 

9 transaction based on applying a plurality of tests to the transaction 

1 0 information, wherein each of the plurality of tests determines whether 

1 1 the transaction information appears to represent a genuine transaction 

1 2 based on specified criteria; 

13 determining a second fraud risk score value associated with the electronic 

14 transaction based on a comparison of the transaction information to 

1 5 historical transaction information; 

16 combining the first fraud risk score value and the second fraud risk score value 

1 7 using a statistical model to result in creating a model score value; 

1 8 blending the model score value with one or more merchant-specific threshold 

19 values to result in creating and storing a final fraud risk score value for 

20 the transaction 
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